Firewall


Firewall shields your endpoint by monitoring both inbound and outbound network connections. It analyzes each incoming connection to determine whether it is secure and should be allowed through, and checks whether outgoing communication complies with the security policies that you have set. Firewall works silently in the background and monitors network activity for malicious behavior.
You can create different policies for various groups or departments, such as enabling Firewall protection, applying a Firewall security level with an exception rule, and other settings according to your requirements. For example, you can set the security level to High for the Accounts Department and apply an exception rule, along with additional policy settings. You can also apply the Display alert message when firewall violation occurs and Enable firewall reports options. For the Marketing Department, you can create a policy with the security level set to Low, without an exception rule, and apply only the Enable firewall reports option.

Note
The Firewall feature is available only on clients running Microsoft Windows.

Configuring Firewall

To configure policy for Firewall, follow these steps:

  1. Create a Container/feature policy for Firewall.
  2. On the Feature Policy page, you can see the following list of settings, each with an expand sign and a toggle button. Expand and enable the settings that you want to configure.
    • Firewall – When you enable this, a prompt appears: "This action will disable Windows Firewall on your endpoint. Do you want to continue?"
      Click OK.
    • Exceptions
  3. To save your settings, click Save Policy.
    Importantly, if you have customized the settings and later you want to revert to the default settings, you can do so by clicking the Reset Default button.

Firewall

  1. In the Level option, select one of the following:

    • Block all
    • High
    • Medium
    • Low
    Level – Description
    Block all – Blocks all Inbound and Outbound connections without any exception. This is the strictest level of security.
    High – Blocks all Inbound and Outbound connections with an exception rule. The exception policy can be created for allowing or denying either inbound or outbound connections through certain communication protocols (TCP, UDP, and ICMP), IP addresses, and ports.
    Medium – Blocks all Inbound and allows all Outbound connections with an exception rule. The exception policy can be created for allowing or denying either inbound or outbound connections through certain communication protocols (TCP, UDP, and ICMP), IP addresses, and ports. For example, if you allow receiving data from a certain IP address, the users can receive data but cannot send to the same IP address. To take more advantage of this security level policy, it is advisable that you allow receiving inbound connections and block outbound connections.
    Low – Allows all Inbound and Outbound connections. When you apply the Low security level, it is advisable that you create an exception rule for denying particular inbound or outbound data by protocol, IP address, and port to take more advantage of the security level policy.
  2. By default, the Monitor Wi-Fi Networks check box is selected. This option lets you receive alert messages when the endpoint is connected to an unsecured Wi-Fi network and when an attempt to access an unsecured client Wi-Fi (hotspot) is detected. Reports are also generated at the server.
  3. If you want an alert message about firewall violation, select the Display alert message when firewall violation occurs check box.
  4. If you want reports for all blocked connections, select the Enable firewall reports check box.

    Note
    If the Firewall policy is set as Block All, Firewall will block all connections and generate many reports that may impact your network connection.

Exceptions

With Exceptions, you can allow genuine programs to communicate irrespective of whether the Firewall level is set to High or Medium. You can also block or allow Inbound and Outbound communication through IP addresses and ports.

Creating the Exceptions

  1. In the Exceptions section, the list of Exceptions appears.
  2. To create a new exception, click Add.
  3. On the Add/Edit Exception screen, type a name in the Exception Name text box and select a protocol. The available protocols are TCP, UDP, and ICMP.
  4. Click Next.
  5. In the Local IP Address section, type an IP address or IP range, and then click Next. If you select Any IP Addresses, you need not type an IP address.
  6. Under Local TCP/UDP Ports, type a port or port range, and then click Next. If you select All Ports, you need not type a port as all ports are selected. If you specify a local IP address, IP range, or port, the exception applies to incoming communications.
  7. In the Remote IP Address section, type an IP address or IP range, and then click Next. If you select Any IP Addresses, you need not type an IP address as all IP addresses will be blocked. If you specify a remote IP address or port, the exception applies to outgoing communications.
  8. In the Remote TCP/UDP Ports section, type a port or port range, and then click Next. If you select All Ports, you need not type a port as all ports are selected.
  9. In Action, select either Allow or Deny.
  10. In Status, select either Enable or Disable.
  11. Click Finish.
    The exception is added at the top position in the Exceptions list. The sequence of the exceptions decides the precedence of the rules. The precedence is in descending order.
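
The following model shows how a security level and an ordered Exceptions list can combine into a verdict, and why a broad rule added on top shadows a narrower rule below it. It is an added example, not the product's own code. It assumes that the first enabled matching exception from the top of the list decides and that the level default applies otherwise; FwException, decide, and all field names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_NET, ALL_PORTS = "0.0.0.0/0", range(0, 65536)
# Verdict per level and direction when no exception matches (from the Level list above).
LEVEL_DEFAULT = {
    "Block all": {"in": "Deny", "out": "Deny"},
    "High": {"in": "Deny", "out": "Deny"},
    "Medium": {"in": "Deny", "out": "Allow"},
    "Low": {"in": "Allow", "out": "Allow"},
}

@dataclass
class FwException:  # hypothetical model of one row in the Exceptions list
    name: str
    protocol: str  # TCP, UDP or ICMP
    action: str  # Allow or Deny
    local_net: str = ANY_NET
    local_ports: range = ALL_PORTS
    remote_net: str = ANY_NET
    remote_ports: range = ALL_PORTS
    enabled: bool = True  # Status: Enable / Disable

    def matches(self, c):
        ports_ok = c["proto"] == "ICMP" or (
            c["local_port"] in self.local_ports and c["remote_port"] in self.remote_ports)
        return (self.enabled and self.protocol == c["proto"] and ports_ok
                and ip_address(c["local_ip"]) in ip_network(self.local_net)
                and ip_address(c["remote_ip"]) in ip_network(self.remote_net))

def decide(level, exceptions, conn):
    """Return (verdict, deciding rule name or level default)."""
    if level != "Block all":  # Block all applies "without any exception"
        for rule in exceptions:  # assumed: list order is precedence, top row first
            if rule.matches(conn):
                return rule.action, rule.name
    return LEVEL_DEFAULT[level][conn["dir"]], f"default:{level}"

# Constructed sample: the newest rule sits on top and shadows the older, narrower Allow.
RULES = [
    FwException("deny-smb-in", "TCP", "Deny", local_ports=range(445, 446)),
    FwException("allow-smb-from-fileservers", "TCP", "Allow",
                local_ports=range(445, 446), remote_net="10.0.5.0/24"),
]
SMB_IN = {"dir": "in", "proto": "TCP", "local_ip": "192.168.1.20", "local_port": 445,
          "remote_ip": "10.0.5.7", "remote_port": 50123}
if __name__ == "__main__":
    print(decide("High", RULES, SMB_IN))
    print(decide("High", RULES[::-1], SMB_IN))
```

Because new exceptions land at the top of the list, running a planned rule set through a model like this before saving the policy shows which older rules would no longer be reached.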

Editing the Exceptions rule

You can edit the exception rules that you have created. To edit an exception rule, follow these steps:

  1. In the Exceptions section, select the exception that you want to edit.
  2. On the Add/Edit Exception screen, you can edit the name in the Exception Name text box and edit the protocol. The protocol includes: TCP, UDP, and ICMP.
  3. Click Next.
  4. Edit Local IP Address if required, and then click Next.
  5. Edit Local TCP/UDP Ports if required, and then click Next.
  6. Edit Remote IP Address if required, and then click Next.
  7. Edit Remote TCP/UDP Ports if required, and then click Next.
  8. Under Action, you can select either Allow or Deny.
  9. Under Status, you can select either Enable or Disable.
  10. Click Finish.
  11. Click Save Policy.

Deleting the Exceptions rule

You can delete the exception rules that you have created. To delete an exception rule, follow these steps:

  1. In the Exceptions section, select the exception that you want to delete.
  2. The action bar is enabled above the table. In the drop-down list, select Delete.
  3. Click Submit. The selected exception rule is deleted.
  4. Click Save Policy.

Exporting the Exceptions rule

You can export the exception rules that you have created. To export exception rules, follow these steps:

  1. In the Exceptions section, select the exceptions that you want to export.
  2. Select Action > Export. The Opening firewall_exception.json dialog appears.
  3. Select Save File.
  4. Click Ok.
    The database file, firewall_exception.json, is downloaded.

Importing the exceptions rule

You can import the exception rules that you created in earlier versions of EPS. To import exception rules, follow these steps:

  1. In the Exceptions section, click Add > Import. The File Upload dialog appears.
  2. Select the database file, firewall_exception.json.
  3. Click Open.
    The database file, firewall_exception.json, is imported.